There are some security considerations to be aware for Browser TVSDK.
- Adobe Flash Player
- Flash Player does not allow access to data that resides outside the domain from which the SWF originated.To allow access, host a cross domain policy file with appropriate permissions at the root of the server that is hosting the data. In Flash Fallback mode in Browser TVSDK (Flash Player version 23 and higher), you need the authorization token for your domain. To generate the token, contact your Adobe representative.
- Browsers and mixed content
- Browsers require that AES-128 encrypted content be hosted over secure Origin (for example, HTTPS).Since most browsers do not allow mixed content, we recommend that the player, the content, and the associated assets such as Key/ WebVTT files are also hosted over secure Origin.Starting in version 2.4.5, if the player is hosted over HTTPS, Browser TVSDK converts the HTTP calls to HTTPS when using MSE technology.